9TO5MAC.COM
Security Bite: Why email security is still so bad
Its a little-known fact that before emails reach your inbox, they pass through a buffer designed to scan and block malicious content. However, over time, email providersespecially Gmailhave shifted their focus to just adding warning labels to those with suspicious links or attachments. This approach, best described as beating around the bush hasnt reduced threats much at all. Shockingly, 91% of all cyberattacks still originate from emails. So, what gives?9to5Mac Security Bite is exclusively brought to you by Mosyle,the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.First, lets look at how bad things currently are.In an earlier Security Bite, I discussed a study by web browser security startup SquareX that revealed just how little companies are doing to block malicious attachments and protect users.The team of researchers took several different types of malware samples, attached them to emails, and sent them through Proton Mail to addresses on iCloud Mail, Gmail, Outlook, Yahoo! Mail, and AOL, part of the Yahoo! group. Notably, if the emails were delivered successfully to the users, they might be vulnerable to any potential threat contained within those attachments.The table below summarizes the results of sending 7 of the 100 malicious samples to the various email providers, indicating whether the malicious attachment was delivered. If an email was undelivered, it is a sign that malware was detected when the email was being processed by the server, according to the study from SquareX.Table showing what malware samples passed which email providers scanners and were delivered successfully.Image: SquareXThe dilemmaInvesting in robust email security features may seem like the obvious critical part of protecting users. However, Ian Thornton-Trump, CISO with threat intelligence solutions firm Cyjax, told Forbes, this is akin to asking the free Wi-Fi at a Starbucks why are they not blocking more or all cyber attacks. He further explained that its tough to balance free and secure in the same sentence.Thornton-Trump argues that adding advanced email security features can be deeply problematic with false positives, which may involve the use of technical support resources to help or fixthat expense across millions of users on a free platform may be commercially untenable.Moreover, others argue that email providers are dragging their feet on something that could cost substantial resources and impact their bottom line. While not specifically framed as for blocking spam, iOS 18, iPadOS 18, and macOS 15 offer better categorization and summaries of emails, thanks to Apple Intelligence, making it easier to reduce clutter and identify whats important.Ill be interested to see if Apple ever integrates any other AI security features into the Mail app. Using Apple Intelligence to better warn users or outright remove malicious attachments and URLs from emails in real-time could be killer.Im curious to hear your thoughts. Please tell me you are not still using AOLAbout Security Bite: Security Bite is a weekly security-focused column on 9to5Mac. Every week, Arin Waichulis delivers insights on data privacy, uncovers vulnerabilities, or sheds light on emerging threats within Apples vast ecosystem of over 2 billion active devices to help you still safe.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
0 Comments 0 Shares 21 Views